Title:
GT Cybersecurity Students Preview Research Appearing at ACM Computer and Communications Security Conference (CCS)
1) Jonathan Fuller: c3pO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration
2) Sena Sahin: Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication
3) Carter Yagemann: Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis

Author(s)
Fuller, Jonathan
Sahin, Sena
Yagemann, Carter
Abstract
"c3pO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration": Current techniques to monitor botnets towards disruption or takedown are easily detected and insufficient. Seeking a covert and scalable solution, we look to an evolving pattern in malware that integrates standardized over-permissioned protocols, exposing privileged access to C&C servers. We implement techniques to detect and exploit these protocols from over-permissioned bots. Our findings suggest the over-permissioned protocol weakness provides a scalable approach to covertly monitor C&C servers, which is a fundamental enabler of botnet disruptions and takedowns.

"Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication": To enhance the usability of password authentication, typo-tolerant password authentication schemes permit certain deviations in the user-supplied password, to account for common typographical errors yet still allow the user to successfully log in. In prior work, analysis by Chatterjee et al. demonstrated that typo-tolerance indeed notably improves password usability, yet (surprisingly) does not appear to significantly degrade authentication security. In practice, major web services such as Facebook have employed typo-tolerant password authentication systems

"Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis": The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside existing reactive measures (firewalls, IDS, IPS) to protect systems. Unfortunately, bug hunting remains laborious and analysts struggle to communicate their discoveries to developers effectively for patching. In this talk, I will present my latest work on a technique I define as symbolic root cause analysis and demonstrate how it can be used to discover and explain novel vulnerabilities in real-world software.
Date Issued
2021-10-22
Extent
58:48 minutes
Resource Type
Moving Image
Resource Subtype
Lecture